Svoboda Cybersecurity Brief, December 05, 2025
React2Shell: Critical Remote Code Execution in React and Next.js
A critical vulnerability (CVE-2025-55182) in React’s Server Components (RSC) Flight protocol allows unauthenticated RCE via malicious HTTP requests. The flaw, dubbed React2Shell, affects React 19.0-19.2.0 and Next.js experimental releases 14.3.0-canary.77 onwards. Wiz reports 39% of cloud environments contain vulnerable React instances.
Impact: Attackers can execute arbitrary code on servers running vulnerable React/Next.js applications.
Mitigation: Update to React 19.0.1/19.1.2/19.2.1 or Next.js 15.0.5+/16.0.7+. Cloud providers (Google, AWS, Cloudflare) have deployed WAF rules.
Source: BleepingComputer
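To act on the mitigation above, a defender needs to find which installed React copies still fall in the affected 19.0 to 19.2.0 range. The script below is an added example (not from the brief or the React project) that classifies versions against the fixed releases the brief names and walks an npm lockfile; the package name it inspects and the sample lockfile are assumptions constructed for the demo.

```python
import json
import re

# Fixed versions from the brief: 19.0.1, 19.1.2 and 19.2.1. Every 19.x release
# below the fix for its minor line is treated as affected (19.0.0 .. 19.2.0).
FIXED_PATCH = {(19, 0): 1, (19, 1): 2, (19, 2): 1}

# Package names to inspect are an assumption of this example, not from the brief.
WATCHED = ("react",)

_RELEASE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")


def react_status(version: str) -> str:
    """Classify a version as 'vulnerable', 'fixed', 'unaffected' or 'review'."""
    m = _RELEASE.match(version)
    if not m:
        return "review"  # canary/pre-release strings are left for manual review
    major, minor, patch = (int(x) for x in m.groups())
    fix = FIXED_PATCH.get((major, minor))
    if fix is None:
        return "unaffected"  # not one of the 19.0 / 19.1 / 19.2 lines
    return "vulnerable" if patch < fix else "fixed"


def audit_lockfile(lock_text: str) -> list:
    """Return (path, version, status) for watched packages in an npm lockfile v2/v3."""
    lock = json.loads(lock_text)
    findings = []
    for path, meta in lock.get("packages", {}).items():
        # Nested installs look like node_modules/a/node_modules/react
        name = path.rsplit("node_modules/", 1)[-1]
        if name in WATCHED and "version" in meta:
            findings.append((path, meta["version"], react_status(meta["version"])))
    return findings


# Constructed sample lockfile (not a real project): the top-level copy is patched,
# but a dependency still pins an affected nested copy.
SAMPLE_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app"},
        "node_modules/react": {"version": "19.2.1"},
        "node_modules/legacy-widget/node_modules/react": {"version": "19.1.1"},
        "node_modules/next": {"version": "16.0.7"},
    },
})

if __name__ == "__main__":
    for path, version, status in audit_lockfile(SAMPLE_LOCK):
        print(f"{status:10} {version:8} {path}")
```

Nested copies are the usual blind spot: a patched top-level `react` does not cover a dependency that bundles its own older copy.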
BrickStorm Malware Targets VMware Servers in Chinese Cyberattacks
CISA warns Chinese state-sponsored hackers (Warp Panda/UNC5221) are using BrickStorm malware to backdoor VMware vSphere servers, creating rogue VMs and stealing credentials. The malware uses nested TLS, SOCKS proxies, and DNS-over-HTTPS for evasion, persisting since April 2024 in some cases.
Impact: Compromised credentials and lateral movement in critical infrastructure networks.
Mitigation: Apply CISA’s YARA/Sigma rules, segment DMZ traffic, and block unauthorized DoH providers.
Source: BleepingComputer
AISURU Botnet Launches Record 29.7 Tbps DDoS Attack
Cloudflare mitigated a 29.7 Tbps UDP carpet-bombing attack from the AISURU botnet (1-4 million infected hosts), targeting telecoms, gaming, and financial sectors. The botnet randomized packet attributes to evade defenses and accounted for 1,304 hyper-volumetric attacks in Q3 2025.
Impact: Disruption of critical online services through unprecedented traffic volumes.
Mitigation: Deploy scalable DDoS protection with behavioral analysis to detect randomized packet attacks.
Source: The Hacker News
Aladdin Zero-Click Spyware Uses Malicious Ads for iOS/Android Infections
Intellexa’s Predator spyware now uses Aladdin, a zero-click vector that delivers malware through weaponized ads served to targets by ad networks (DSPs). Victims are infected merely by viewing the ads, with no interaction required. The infrastructure spans shell companies in Ireland, Germany, and the UAE.
Impact: Surveillance via compromised mobile devices, with data exfiltration via domestic telecom partnerships.
Mitigation: Enable browser ad-blockers and hide IPs from trackers (though Intellexa bypasses this via carrier cooperation).
Source: BleepingComputer
Marquis Ransomware Attack Exposes 788,000 Bank/Credit Union Customers
A ransomware attack on Marquis Software Solutions (via a SonicWall firewall exploit) compromised personal and financial data from 74+ US banks and credit unions, including SSNs and account numbers. Filings across states total ~788,000 affected individuals.
Impact: Identity theft and financial fraud risks for banking customers.
Mitigation: Monitor credit reports, use offered identity protection services, and patch SonicWall appliances.
Source: DataBreaches
ArrayOS VPN Flaw Exploited to Plant Webshells
Hackers exploit an unpatched command injection flaw (no CVE assigned) in Array Networks AG Series VPN (versions ≤9.4.5.8) to deploy PHP webshells and rogue users. JPCERT notes attacks since August 2025, primarily targeting Japan.
Impact: Remote code execution and persistent access via compromised VPN gateways.
Mitigation: Disable the DesktopDirect feature or upgrade to ArrayOS 9.4.5.9.
Source: BleepingComputer
Russian Hackers Target Reporters Without Borders with ProtonMail Phishing
Star Blizzard (Fancy Bear) posed as IT support to trick Reporters Without Borders into downloading malware via ProtonDrive links. The AiTM phishing kit intercepts 2FA and credentials.
Impact: Compromised journalist communications and potential intelligence gathering.
Source: SecurityWeek
Contractors Wipe 96 US Government Databases After Termination
Ex-State Department hackers Muneeb and Sohaib Akhter allegedly deleted 96 federal databases (including DHS and IRS records) post-firing. They also stole tax data for 450+ individuals using contractor access.
Impact: Disruption of FOIA and investigative records, with potential operational delays.
Source: BleepingComputer